feat: two-role system — super_admin & admin program (Fasa 12)

- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

database/factories/UserFactory.php

@@ -30,7 +30,7 @@ class UserFactory extends Factory
             'email_verified_at'  => now(),
             'password'           => static::$password ??= Hash::make('password'),
             'remember_token'     => Str::random(10),
-            'is_admin'           => true,
+            'role'               => 'super_admin',
         ];
     }
 
@@ -41,8 +41,15 @@ class UserFactory extends Factory
         ]);
     }
 
+    public function adminProgram(): static
+    {
+        return $this->state(fn (array $attributes) => ['role' => 'admin']);
+    }
+
     public function nonAdmin(): static
     {
-        return $this->state(fn (array $attributes) => ['is_admin' => false]);
+        // role='none' bukan dalam enum yang valid → EnsureIsAdmin returns 403
+        // SQLite tidak enforce enum constraint dalam tests
+        return $this->state(fn (array $attributes) => ['role' => 'none']);
     }
 }